F5Networks / f5-google-gdm-templates

Google Deployment Templates for quickly deploying BIG-IP services in Google Cloud Platform

"credentials" directory is not deleted during template deployment #46

Closed curtkersey closed 2 years ago

curtkersey commented 4 years ago

Do you already have an issue opened with F5 support?

No support case opened.

Description

Deployed v3.4 of template, https://github.com/F5Networks/f5-google-gdm-templates/tree/master/supported/failover/same-net/via-lb/3nic/existing-stack/byol. During deployment, the "credentials" directory in the storage bucket that is created is not deleted. This causes an error if you try to delete the deployment.

Workaround: go to storage bucket, and delete the "credentials" directory. Deleting the deployment works after that.

Severity Level

For bugs, enter the bug severity level. Do not set any labels.

Severity: 5

shyawnkarim commented 4 years ago

This is the expected behavior.

Buckets are required to be empty before they're deleted. So before you can delete a bucket, you have to delete all of the objects it contains.

curtkersey commented 4 years ago

@shyawnkarim I understand it is expected; why do we not delete the "credentials" directory during the process? It makes the deletion manual when you have to go into the bucket to delete.

gwolfis commented 3 years ago

Seeing this behavior still in GDM v3.10.

gwolfis commented 3 years ago

@shyawnkarim if this is expected behavior, then we changed it somewhere in the releases of the template. I know we deleted everything from previous templates. To me the credentials are created with the template and I would expect to be able to delete them with the same deployment as well. BTW, this behavior of not being able to delete the deployment because of the 'not empty' creds storage is still there in v3.11.

curtkersey commented 3 years ago

I tested with v3.11.1, and now the credential bucket is empty at end of the deployment, which allows you to delete via Deployment Manager without having to manually empty the bucket.

curtkersey commented 3 years ago

I take that back. In the deployment where the credentials directory was deleted, it was actually never created. In a successful deployment, the credentials directory is still left behind.

shyawnkarim commented 2 years ago

Closing.

I just tested this and everything appears to be working correctly.

In order to form a cluster of devices, a secure trust must be established between BIG-IP systems. To establish this trust, we generate and store credentials as credentials/primary in a Google storage bucket. Upon completion of a successful deployment, these credentials, as well as the corresponding local service account user, are deleted by the f5-cloud-libs cluster provider. If for some reason these credentials are not deleted, you may remove them at any time following deployment.
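An added example, not part of the thread or of the F5 templates: a Python check that lists objects left under `credentials/` in the deployment bucket and removes them only when asked, so leftover cluster-trust credentials are noticed before the deployment is deleted. It assumes the `google-cloud-storage` client library and application default credentials; the function names and the `--apply` flag are hypothetical.

```python
"""Audit a BIG-IP deployment bucket for leftover cluster-trust credentials."""
import sys

CREDENTIALS_PREFIX = "credentials/"  # the thread names credentials/primary


def leftover_credentials(client, bucket_name, prefix=CREDENTIALS_PREFIX):
    """Return the blobs still stored under the credentials prefix."""
    return list(client.list_blobs(bucket_name, prefix=prefix))


def bucket_is_deletable(client, bucket_name):
    """A bucket can only be deleted once it holds no objects at all."""
    return next(iter(client.list_blobs(bucket_name)), None) is None


def clean_credentials(client, bucket_name, apply=False):
    """Report leftover credential objects; delete them only when apply=True.

    Returns (names_found, names_deleted) so a caller can log both.
    """
    found, deleted = [], []
    for blob in leftover_credentials(client, bucket_name):
        found.append(blob.name)
        if apply:
            blob.delete()
            deleted.append(blob.name)
    return found, deleted


def main(argv):
    # Imported here so the helpers above can be exercised without the library.
    from google.cloud import storage
    if len(argv) < 2:
        print("usage: audit_credentials.py BUCKET [--apply]")
        return 2
    client = storage.Client()
    apply = "--apply" in argv[2:]  # hypothetical flag: dry run by default
    found, deleted = clean_credentials(client, argv[1], apply=apply)
    for name in found:
        print(("deleted " if name in deleted else "LEFTOVER ") + name)
    print("bucket empty:", bucket_is_deletable(client, argv[1]))
    return 0 if len(found) == len(deleted) else 1


if __name__ == "__main__":
    sys.exit(main(sys.argv))
```

The exit status is non-zero while credential objects remain, so the check can gate a teardown script.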